From 428681ee0a66b98136445d607bd51026b8a204b4 Mon Sep 17 00:00:00 2001 From: Bharath Rupireddy Date: Sat, 30 Oct 2021 09:27:36 +0000 Subject: [PATCH v1] Add pg_ls_logicalsnapdir, pg_ls_logicalmapdir and pg_ls_replslotdir functions These functions lists the contents of the respective directories, and are intended to be used by monitoring tools. Unlike pg_ls_dir(), access to it can be granted to non-superusers so that those monitoring tools can observe the principle of least privilege. Access is also given by default to members of pg_monitor. --- doc/src/sgml/func.sgml | 72 ++++++++++++++++++++++++ src/backend/catalog/system_functions.sql | 12 ++++ src/backend/utils/adt/genfile.c | 34 +++++++++++ src/include/catalog/catversion.h | 2 +- src/include/catalog/pg_proc.dat | 15 +++++ 5 files changed, 134 insertions(+), 1 deletion(-) diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index 4b49dff2ff..51825edb01 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -27407,6 +27407,78 @@ SELECT convert_from(pg_read_binary_file('file_in_utf8.txt'), 'UTF8'); can be granted EXECUTE to run the function. + + + + + pg_ls_logicalsnapdir + + pg_ls_logicalsnapdir () + setof record + ( name text, + size bigint, + modification timestamp with time zone ) + + + Returns the name, size, and last modification time (mtime) of each + ordinary file in the server's pg_logical/snapshots directory. + Filenames beginning with a dot, directories, and other special files + are excluded. + + + This function is restricted to superusers and members of + the pg_monitor role by default, but other users can + be granted EXECUTE to run the function. + + + + + + + pg_ls_logicalmapdir + + pg_ls_logicalmapdir () + setof record + ( name text, + size bigint, + modification timestamp with time zone ) + + + Returns the name, size, and last modification time (mtime) of each + ordinary file in the server's pg_logical/mappings directory. + Filenames beginning with a dot, directories, and other special files + are excluded. + + + This function is restricted to superusers and members of + the pg_monitor role by default, but other users can + be granted EXECUTE to run the function. + + + + + + + pg_ls_replslotdir + + pg_ls_replslotdir ( slot_name text ) + setof record + ( name text, + size bigint, + modification timestamp with time zone ) + + + Returns the name, size, and last modification time (mtime) of each + ordinary file in the server's pg_replslot/slot_name directory. + Filenames beginning with a dot, directories, and other special files + are excluded. + + + This function is restricted to superusers and members of + the pg_monitor role by default, but other users can + be granted EXECUTE to run the function. + + diff --git a/src/backend/catalog/system_functions.sql b/src/backend/catalog/system_functions.sql index 54c93b16c4..f6789025a5 100644 --- a/src/backend/catalog/system_functions.sql +++ b/src/backend/catalog/system_functions.sql @@ -701,6 +701,12 @@ REVOKE EXECUTE ON FUNCTION pg_ls_dir(text,boolean,boolean) FROM public; REVOKE EXECUTE ON FUNCTION pg_log_backend_memory_contexts(integer) FROM PUBLIC; +REVOKE EXECUTE ON FUNCTION pg_ls_logicalsnapdir() FROM PUBLIC; + +REVOKE EXECUTE ON FUNCTION pg_ls_logicalmapdir() FROM PUBLIC; + +REVOKE EXECUTE ON FUNCTION pg_ls_replslotdir(text) FROM PUBLIC; + -- -- We also set up some things as accessible to standard roles. -- @@ -715,6 +721,12 @@ GRANT EXECUTE ON FUNCTION pg_ls_tmpdir() TO pg_monitor; GRANT EXECUTE ON FUNCTION pg_ls_tmpdir(oid) TO pg_monitor; +GRANT EXECUTE ON FUNCTION pg_ls_logicalsnapdir() TO pg_monitor; + +GRANT EXECUTE ON FUNCTION pg_ls_logicalmapdir() TO pg_monitor; + +GRANT EXECUTE ON FUNCTION pg_ls_replslotdir(text) TO pg_monitor; + GRANT pg_read_all_settings TO pg_monitor; GRANT pg_read_all_stats TO pg_monitor; diff --git a/src/backend/utils/adt/genfile.c b/src/backend/utils/adt/genfile.c index c436d9318b..a83700c576 100644 --- a/src/backend/utils/adt/genfile.c +++ b/src/backend/utils/adt/genfile.c @@ -720,3 +720,37 @@ pg_ls_archive_statusdir(PG_FUNCTION_ARGS) { return pg_ls_dir_files(fcinfo, XLOGDIR "/archive_status", true); } + +/* + * Function to return the list of files in the pg_logical/snapshots directory. + */ +Datum +pg_ls_logicalsnapdir(PG_FUNCTION_ARGS) +{ + return pg_ls_dir_files(fcinfo, "pg_logical/snapshots", false); +} + +/* + * Function to return the list of files in the pg_logical/mappings directory. + */ +Datum +pg_ls_logicalmapdir(PG_FUNCTION_ARGS) +{ + return pg_ls_dir_files(fcinfo, "pg_logical/mappings", false); +} + +/* + * Function to return the list of files in the pg_replslot/ + * directory. + */ +Datum +pg_ls_replslotdir(PG_FUNCTION_ARGS) +{ + text *filename_t = PG_GETARG_TEXT_PP(0); + char path[MAXPGPATH + 11]; + char *filename; + + filename = text_to_cstring(filename_t); + snprintf(path, sizeof(path), "%s/%s", "pg_replslot", filename); + return pg_ls_dir_files(fcinfo, path, false); +} diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h index 9faf017457..f1c2c4d1e9 100644 --- a/src/include/catalog/catversion.h +++ b/src/include/catalog/catversion.h @@ -53,6 +53,6 @@ */ /* yyyymmddN */ -#define CATALOG_VERSION_NO 202110272 +#define CATALOG_VERSION_NO 202110300 #endif diff --git a/src/include/catalog/pg_proc.dat b/src/include/catalog/pg_proc.dat index d068d6532e..ca0d6ca1d1 100644 --- a/src/include/catalog/pg_proc.dat +++ b/src/include/catalog/pg_proc.dat @@ -11619,6 +11619,21 @@ proallargtypes => '{oid,text,int8,timestamptz}', proargmodes => '{i,o,o,o}', proargnames => '{tablespace,name,size,modification}', prosrc => 'pg_ls_tmpdir_1arg' }, +{ oid => '4642', descr => 'list of files in the pg_logical/snapshots directory', + proname => 'pg_ls_logicalsnapdir', procost => '10', prorows => '20', proretset => 't', + provolatile => 'v', prorettype => 'record', proargtypes => '', + proallargtypes => '{text,int8,timestamptz}', proargmodes => '{o,o,o}', + proargnames => '{name,size,modification}', prosrc => 'pg_ls_logicalsnapdir' }, +{ oid => '4643', descr => 'list of files in the pg_logical/mappings directory', + proname => 'pg_ls_logicalmapdir', procost => '10', prorows => '20', proretset => 't', + provolatile => 'v', prorettype => 'record', proargtypes => '', + proallargtypes => '{text,int8,timestamptz}', proargmodes => '{o,o,o}', + proargnames => '{name,size,modification}', prosrc => 'pg_ls_logicalmapdir' }, +{ oid => '4644', descr => 'list of files in the pg_logical/mappings directory', + proname => 'pg_ls_replslotdir', procost => '10', prorows => '20', proretset => 't', + provolatile => 'v', prorettype => 'record', proargtypes => 'text', + proallargtypes => '{text,text,int8,timestamptz}', proargmodes => '{i,o,o,o}', + proargnames => '{slot_name,name,size,modification}', prosrc => 'pg_ls_replslotdir' }, # hash partitioning constraint function { oid => '5028', descr => 'hash partition CHECK constraint', -- 2.25.1